MDC, the owner of the Velcom mobile phone operator that was the subject of a data breach earlier this month, has stressed that Belarusian law fails to protect people’s privacy and that a subcontractor was to blame for the leak of a database of subscriber records. Experts at InfoWatch point out that, in terms of privacy, legislation is far superior in neighboring Russia.
Last week it was reported that Belarus mobile phone operator Mobile Digital Communications (MDC) suffered a major leak involving a private client database. Now the company, which trades under the brand name Velcom, is considering taking legal action against those responsible for releasing information about its subscribers.
The mobile operator made no attempt to deny the fact that a “new” database had appeared on the Internet. A spokesman for the company said that under Belarusian law telephone numbers and their attributes were not considered confidential information, meaning the data breach did not constitute a violation of the customers’ rights. Nevertheless, the company said it would strive to maintain a policy that restricted access to its clients’ data as much as possible, suggesting that the management at MDC understand the importance of respecting their clients’ privacy.
The company has apologized for any inconvenience caused to its customers, but has also stated that it was not to blame for the data appearing on the Internet. “The party responsible for the subscriber information being compromised has been identified,” Velcom’s press service announced. According to the mobile operator, the telephone numbers and other details were handed over to a local bank so that it could check the accuracy of subscriber payments. In other words, MDC has directly accused the bank of compromising the database and has even said that legal measures will be taken to protect its reputation. Only time will tell if the legal course is successful; more often than not insiders manage to evade any form of punishment.
“How can we avoid a comparison here between legislation in Belarus and neighboring Russia? Russia has a federal law on ‘Personal data’ which is due to come into force in February 2007. The law not only ‘prohibits’ data leaks but also stipulates the need for subcontractors to protect private details that they receive during outsourcing. If a breach like the one in Belarus occurs in Russia after January 2007, then the subscribers will be able to take the operator to court to demand compensation for emotional and material damage,” explains Denis Zenkin, marketing director at InfoWatch.
Source: Onliner.ru
